Bcdudley
New Contributor

Endpoint client management with Vdoms

Running version 6.2.2.

I am trying to add Endpoint compliance to my vpn users. The issue I am running into is that since version 6.0, endpoint management has required an EMS server. The EMS server required security fabric and telemetry enabled. If you have vdoms enabled, you cannot enable telemetry. 

 

This means that if you run vdoms, you cannot enforce endpoint compliance. Am I missing something, or is this a huge gaping hole? I am really hoping someone can come along and help me out on this.

thuynh_FTNT
Staff

Hi Bcdudley, thank you for your question. Please see below.

 

>The EMS server required security fabric and telemetry enabled.

This is not true. You can still configure EMS server and EMS connector without Fabric enabled.

 

>If you have vdoms enabled, you cannot enable telemetry. 

This is also not accurate. Forti telemetry protocol can be enabled per interface regardless of whether VDOM is enabled or not. This will allow EMS to communicate with FGT via any interface that you want.

>This means that if you run vdoms, you cannot enforce endpoint compliance.

It is confirmed that FortiOS 6.2.2 can support Endpoint compliance control via EMS with VDOM enabled.

 

If it still doesn't work for you, you can provide more details about your topology and the behaviour that you want and we can take a closer look.
